Cryptography in the Age of Heartbleed

Explore a keynote address from AppSecUSA 2016 delivered by cryptographer and assistant professor Matthew Green on the challenges of cryptography in the era of widespread data breaches. Delve into the complexities faced by developers implementing encryption technologies, examining recent vulnerabilities in secure web protocols and the ongoing struggle to protect cryptographic software against sophisticated attackers. Gain insights into the current state of user-friendly cryptography, the impact of flawed protocols and software libraries, and the critical need for simplifying cryptographic implementations. Learn about Green's extensive experience in computer security, his contributions to anonymous cryptocurrencies, and his team's work in exposing vulnerabilities in encryption technologies across various industries.

Intro
My background
Why this talk?
SSL/TLS
How secure is TLS? - Many active attacks and implementation vulnerabilities
Why these problems?
Quite a bit
Ciphersuite Negotiation
MITM Negotiation
Example 2: Negotiation
Crypto library APIs
Present Day
Too much complexity 2/3
Algorithm Choices 1/2
Ambiguous specification 1/2
Non-intuitive interfaces 3/7
Language problems
Solution: Simplify!
Software
CVE-2015-7756
Crypto is hard